Navy's top cyber advisor decries overuse of the word 'attack’ to describe cyber incidents

Chris Cleary, Navy principal cyber adviser, speaks during a panel at DefenseTalks 2022. (DefenseScoop)

Not every malicious cyber incident constitutes an “attack,” and people need to stop throwing that word around so much, the Navy’s principal cyber advisor told members of industry on Tuesday.

“I want to talk about the word ‘attack’ for a minute. Because this is something that I think we’ve overused, and we have to get better with this,” Chris Cleary said at the AFCEA NOVA Naval IT conference.

He used a parenting analogy to illustrate his point.

“If my oldest daughter called from school and said, ‘Dad, I’ve just been attacked’ … And If when I got there she opened up her laptop and showed me a spear phishing email, I’d say ‘we have to work on your language.’ Because right now, we call that an attack. Everything that happens in this domain has one word associated with it: attack. And I would argue this is where industry is taking words that the military always use that has very specific definitions” and applying them incorrectly to certain types of cyber incidents, Cleary said.

Under the laws of armed conflict, an attack is generally defined as something specifically designed to kill or injure people or damage equipment, he noted.

“If you’ve haven’t found yourself in one of those two aspects, you’re probably not quote-unquote under attack. Somebody stealing actual trade information from you is not necessarily an attack — they’re not trying to degrade your ability to conduct your mission,” Cleary said.

However, government agencies need to know when institutions are experiencing a true cyberattack so that they can better provide assistance, he suggested.

“Once it begins to tip into that space, you have to learn how to identify that differently, because then it will require resources,” he added. “We can’t go everywhere, but there are always some things that we need to respond to a little bit differently. And this really comes into the whole whole-of-government approach to include being led by CISA and the Department of Homeland Security. But how do we work together to identify when there are legitimate attacks in this space and how we, you know, marshal resources to come to your aid?”